Highly publicized hacking attacks have prompted design teams throughout the supply chain to beef up their security efforts. Chipmakers are playing a key role in this effort, adding encryption capabilities to CPUs used throughout the vehicle.
Automakers have seen what can happen in industrial and medical facilities, where hackers have hijacked networks and demanded ransom in exchange for not taking control of systems. Research teams that hacked into vehicles haven’t done much mischief, but they’ve gotten a lot of attention, which has rippled out to suppliers.
“In the last couple years, we’ve seen more interest from OEMs and Tier 1s to provide some security in a wide range of products from infotainment to anything that’s safety critical,” said Paul Kanan, Senior Manager, Automotive Controls Solutions Marketing at Renesas Electronics America’s Automotive Marketing Unit.
The adoption of commercial technologies such as wireless and USB ports is a key factor, following a trend that occurred in industrial facilities when they changed from proprietary networks to commercial Ethernet.
“Some hacking techniques require physical access to the car through something like a USB port, while other threats can be controlled remotely via a wireless link to the vehicle such as Wi-Fi, the Internet, and others,” said Bas Mevissen, Lead Security Software Architect at Visteon. “In general, the hacking attempts where people have physical access to the vehicle and can tamper with the hardware are the most critical threats.”
Almost all trends in vehicle control point to a continued expansion of vulnerabilities. Smartphone apps are increasingly connecting to vehicle systems, opening another avenue for malware, and the long-term goal of intelligent transportation systems with vehicle-to-vehicle communications will open more pathways for attackers.
“Factors like the advances in infotainment, intelligent transportation systems, and communication increase the possibility of unauthorized access where some can steal information or take control of the vehicle,” said Richard Soja, Distinguished Member of the Technical Staff at Freescale Semiconductor.
Isolating critical systems is one of the simplest steps OEMs are taking. Infotainment and other systems that are more exposed to potential problems are blocked from most interactions with safety systems and others.
“Auto manufacturers try to keep the more critical modules isolated from access,” Mevissen said. “For example, powertrain modules are protected by several gateways and firewalls.”
Beyond that, automakers are beginning to use data encryption to make it difficult for hackers to steal code or send spurious messages across vehicle networks. Chipmakers are speeding up the task of encrypting and decrypting signals by adding dedicated peripherals or CPU cores. Some are using AES-128, a National Institute of Standards and Technology (NIST) standard.
“We’re adding intelligent cryptographic units, hardware accelerators that allow us to compute AES-128 protocols quickly,” Kanan said. “Some OEMs are asking for a separate CPU core that’s used for cryptographic processing and caching, especially if they’re using private key cryptography.”
The perpetual challenge of security systems is to stay ahead of attackers as they find ways to thwart protective schemes. European automakers have formed EVITA (E-safety Vehicle Intrusion proTected Applications), a research project focused on automotive security that developed a Secure Hardware Extension (SHE) module for microcontrollers.
The SHE module protects secret keys against software attack and reduces the risk of successful physical attack by avoiding use of global keys or series-specific passwords. It can be used in conjunction with AES-128, and it’s being employed with powerful on-chip peripherals. For example, Infineon’s 65-nm automotive microcontrollers have a hardware security module (HSM) that employs many security techniques.
“In contrast to the integrated control logic of SHE, the HSM module is equipped with a flexible, multitasking 32-bit encryption processor,” said Bjoern Steurich, Senior Marketing Manager Powertrain Systems at Infineon Technologies AG. “The 128-bit AES hardware accelerator has added functionality and an additional hardware accelerator for asymmetrical cryptographic computing operations.”
This technique helps the company protect the keys that let controllers decrypt messages. Chipmakers are using different techniques to protect these keys so hackers can’t crack security codes.
“Access to secret keys stored in flash can be limited by software that prevents unauthorized software from accessing the secret key,” Soja said.
While automakers want to prevent hackers from attacking vehicles, they also want to protect their proprietary software. Many are using cryptography to protect the stored software that often differentiates their features and functions from those offered by competitors.
“One function of the security peripheral is to encrypt data in memory so companies can protect their intellectual property,” Kanan said. “You can encrypt everything in the memories so no one can get in and see the code. These functions can also verify that code is unchanged whenever the device is powered up.”
Security techniques can also be used to prevent the use of counterfeit components. Fake microcontrollers won’t have the right security keys, so startup functions can often spot the presence of a bootlegged controller.
“At the end of the secure boot, a domain computer such as a body domain controller will check the authenticity of the controllers of the related onboard network domain,” Steurich said. “If the electronic control unit keys are not authenticated, this indicates that the unit has been substituted with an unauthorized device. The system then prevents the actual application software for air-conditioning, CD changer, or other body domain functions from booting.”
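The post-boot authenticity check described above can be sketched as a challenge-response between the domain controller and each ECU, using per-unit keys rather than a global key. This is an added example, not code from the article or from any chipmaker; the class names, ECU ids and keys are constructed, and HMAC-SHA-256 stands in for the AES-128 MAC a security peripheral would compute.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, nonce: bytes, ecu_id: str) -> bytes:
    # HMAC-SHA-256 is a stand-in for an AES-128 based MAC computed in the
    # security peripheral; it keeps this sketch standard-library only.
    return hmac.new(key, nonce + ecu_id.encode(), hashlib.sha256).digest()

class Ecu:
    """Genuine unit: holds its own 128-bit key (constructed sample key)."""
    def __init__(self, ecu_id: str, key: bytes):
        self.ecu_id, self._key = ecu_id, key
    def respond(self, nonce: bytes) -> bytes:
        return tag(self._key, nonce, self.ecu_id)

class ReplayingClone(Ecu):
    """Substituted unit with no key: replays a response recorded earlier."""
    def __init__(self, ecu_id: str, recorded: bytes):
        self.ecu_id, self._recorded = ecu_id, recorded
    def respond(self, nonce: bytes) -> bytes:
        return self._recorded

class DomainController:
    def __init__(self, provisioned_keys: dict):
        self._keys = provisioned_keys          # ecu_id -> per-unit key
    def authenticate(self, ecu) -> bool:
        key = self._keys.get(ecu.ecu_id)
        if key is None:
            return False                       # unit was never provisioned
        nonce = secrets.token_bytes(16)        # fresh per attempt, so replays fail
        return hmac.compare_digest(tag(key, nonce, ecu.ecu_id), ecu.respond(nonce))
    def release_applications(self, ecus) -> tuple:
        """Return (apps_may_boot, ids of units that failed authentication)."""
        failed = [e.ecu_id for e in ecus if not self.authenticate(e)]
        return (not failed, failed)

def demo():
    # Constructed body-domain network with two provisioned units.
    keys = {name: secrets.token_bytes(16) for name in ("hvac", "cd_changer")}
    dc = DomainController(keys)
    genuine = [Ecu(n, k) for n, k in keys.items()]
    recorded = genuine[0].respond(b"\x00" * 16)   # old response seen on the bus
    swapped = [ReplayingClone("hvac", recorded), genuine[1]]
    return dc.release_applications(genuine), dc.release_applications(swapped)
```

The fresh nonce is what makes a recorded response useless to a substituted unit; with a fixed challenge the clone above would pass.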